zlacker

1. mike_h+(OP) 2022-08-02 14:15:06
The US Gov requirements don't require that cloud services make as much data available to themselves as possible, only that they provide access to what they do have (otherwise end to end encrypted messengers would already be illegal and shut down).
2. autoex+S72 2022-08-03 02:21:56
>>mike_h+(OP)
> The US Gov requirements don't require that cloud services make as much data available to themselves as possible, only that they provide access to what they do have (otherwise end to end encrypted messengers would already be illegal and shut down).

The US gov can walk into any company and demand everything and anything they want while making it illegal for anyone at that company to say a damn thing to anyone about it. This includes taking over parts of that company's facilities and taking a copy of every last bit of data that goes in and out (see Room 641A - they've been doing it for ages).

"Secure" enclaves can't save us here because the companies who develop them are subject to the same government who can insist on adding backdoors in their products. Even without explicit support of the companies involved, we've already seen side-channel attacks that allow access to the data in enclaves.

As for end to end encrypted messengers, it's reasonable to suspect that once they gain enough popularity they will be compromised in some form or another. Signal, for example, had gotten a lot of attention followed by another huge jump in popularity after WhatsApp changed their privacy policy.

Signal also suddenly started collecting and storing sensitive user data in the cloud; they ignored protests from their users about it, were extremely shady in their communications surrounding that move, and have never updated their privacy policy to reflect their new data collection practices. Does that mean that Signal has been compromised? In my opinion, probably (refusing to update their privacy policy is a huge dead canary), but even if it hasn't, it absolutely means the government can march in and take whatever they want, including data they'd have to use a backdoor or an exploit to access.

Lawmakers have been trying to ban or control end to end encryption for years (see https://www.forbes.com/sites/zakdoffman/2020/06/24/new-warni... or https://www.eff.org/deeplinks/2020/07/new-earn-it-bill-still... or https://www.cnbc.com/2020/10/12/five-eyes-warn-tech-firms-th...), and while they've so far been kept at bay, eventually they'll succeed in sneaking it past us in one form or another.

For now, it's perhaps better in their view to let us think our communications are more secure than they are. (See https://www.zdnet.com/article/australias-encryption-laws-use... and https://gizmodo.com/the-fbis-fake-encrypted-honeypot-phones-...)
